Closed GarrettGillas closed 12 years ago
This should be fixed now. It was an issue with how the roles were being checked. I've since created a single method to do this. See below.
In controllers: //Check to see if the user has permission to access $this->checkUserRoles(array('admin','manager'));
In app controller (Note: This still needs some work): /* * Handles checking the user role * $rolesToAllow : Roles that should be allowed to access a certain section / function checkUserRoles($rolesToAllow = array('admin')){ //User permission check $userRole = $this->Auth->user('role'); $totalRoles = count($rolesToAllow) - 1; //for($i = 0; $i<$totalRoles; $i++){ if($userRole != "admin" && $userRole != "manager"){ $this->Session->setFlash(__('You do not have permission to do this.', true)); $this->redirect(array('controller'=>'users','action' => 'login')); } //} }
Works.
Admin users seem to have restricted access to both the reports pages and the "Ad new..." pages. Right now they are sent to a login screen.